CYBER STREETWISE. Open for Business

Transcription

1 CYBER STREETWISE Open for Business

2 As digital technologies transform the way we live and work, they also change the way that business is being done. There are massive opportunities for businesses that can get this right; companies who have effective cyber security in place can gain an advantage over their competitors because they are trusted by their customers. If people are aware their data and details are safe they are more likely to do business with you. This report shows that both consumer and business customers expect to interact with companies online with the same ease and confidence that they enjoy offline. Foreword Yet along with huge opportunities for SMEs trading online, there are risks and more businesses need to ensure they are protecting themselves from cyber criminals. The financial losses associated with cyber crime are significant for small businesses as well as larger ones. Leaders of small businesses need to do more to protect themselves and their customers online. This is why we are launching Cyber Streetwise, a major behavioural change campaign and an extensive online resource designed to provide SMEs with impartial advice and tips about how to make some simple but effective changes to improve their online security. This in turn will enhance their reputation, improve consumer confidence and ultimately, boost sales. What is clear from this report is that the busy entrepreneur, business owner or manager that makes time to prioritise cyber security will reap significant benefits in the long term. It is vital that we support UK businesses of all sizes to thrive and grow. Effective cyber security is good for business. David Willetts, Minister of State for Universities and Science James Brokenshire, Security Minister

3 Travel Art and Design Welcome Children s Photo here According to a government report 1 released last year, 87 per cent of small firms surveyed suffered an online security breach in the previous 12 months, including data corruption and loss as well as hacking and fraud. The worst of these breaches on average cost these small firms 35-65k each. A sizeable sum, but what about the longerterm damage of cyber crime to a company s reputation and sales? Conversely, is there an opportunity for those small firms that focus on cyber security to boost their reputations, gain competitive advantage and drive new business? To find answers to these questions, the government has conducted further research among 1,000 small and medium sized enterprises 2. We also sought the view of small firms customers, surveying 2,000 UK consumers as well as procurement managers at 150 large UK businesses (with more than 500 employees) which buy goods and services from smaller suppliers. Here we reveal a digital divide among small firms with respect to their cyber security practices, and show how many companies are failing to live up to their offline reputations in the online world. We then qualify the reputational impact of cyber security breaches and the scale of the opportunity for those firms that are actively, but safely engaged in online business. Finally, we give some practical tips to small businesses on operating safely online, and introduce cyberstreetwise.com a new online platform where firms can gain the essential advice needed to improve their cyber security. Welcome to Cyber Streetwise Open for Business. 1 BIS Information Breaches Survey, Small and medium sized enterprises are defined as having less than 250 employees for the purposes of simplicity we refer these as small firms throughout this report

4 Small firms are confident in their ability to stay safe online around four fifths say they understand the threats to their businesses (78 per cent) and have thought about what steps to take to be secure online (83 per cent). But our research reveals a digital divide in the UK small business population. A closer look at businesses internet security habits shows that half of small firms could be described as cyber streetwise, while the remaining half are placing their hard earned reputations at risk by failing to protect themselves from cyber crime. Just over half (55 per cent) of firms regularly review and update what needs to be done to keep the business safe online. Only around half of companies control access to their IT networks (48 per cent), regularly use complex access passwords (58 per cent), regularly monitor their IT systems for breaches (46 per cent) or restrict the use of USB storage devices (46 per cent). A slightly more encouraging two thirds (66 per cent) of small companies regularly download the latest software updates and patches, but just a quarter (26 per cent) regularly encrypt confidential information. Clearly, there is a gap between these firms confidence in their ability to stay safe online, and their capacity to do so in practice. While half of business leaders are getting it right, the other half are not only exposing their firms to significant risk, but also closing the door on a potential growth opportunity. Digital Divide 54 of firms don't regularly % monitor their IT systems for breaches 55 of firms regularly % review how to stay safe online

5 Expert view: SMEs are confident in their ability to stay safe online around four fifths say they understand the threats to their businesses (78 per cent) and have thought about what steps to take to be secure online (83 per cent). But our research reveals a digital divide in the UK SME population. A closer look at businesses internet security habits shows that half of SMEs could be described as cyber streetwise, while the remaining half are placing their hard earned reputations at risk by failing to protect themselves from cyber crime. James Lyne, Sophos Just over half (55 per cent) of firms regularly review and update what needs to done to keep the business safe online. Only around half of companies control access to their IT networks It is easy to get hung up on speculation about high-end threats and nasty, supposedly unblockable attacks on national infrastructure. However, in reality the majority of cyber crime relies on both consumers and small businesses failing to do the basics well. SophosLabs, a global network of cyber threat researchers and analysts, finds over 30,000 new infected websites distributing malware every day and, contrary to popular belief, the majority of these are not adult or gambling sites but rather legitimate small businesses whose websites have been hacked. (48 per cent), use complex access passwords (58 per cent), monitor their IT systems for breaches (50 per cent) or restrict the use of USB storage devices (46 per cent). A slightly more encouraging two thirds (66 per cent) of SMEs regularly download the latest software updates and patches, but just a quarter (26 per cent) regularly encrypt confidential information. Clearly, there is a gap between SMEs confidence in their ability to stay safe online, and their capacity to do so in practice. While half of business leaders are getting it right, the other half are not only exposing their firms to significant risk, but also closing the door on a potential growth opportunity. Digital divide These statistics underline how basic practices are still not sufficiently widespread. While a large number of companies use antivirus, other basic security best practices like regular software updates, using complex passwords and general data protection are very much lacking. Small firms who don t employ these basic security measures are making it easy for the attackers to silently install malicious code on their system without permission, meaning that high-end, clever attacks aren t typically required to succeed. The Cyber Street initiative can play a vital role in helping to raise the profile of these kinds of attacks and of the importance of security to both businesses and consumers across the country. Everyone needs to do their part to help keep the internet secure. By not following these simple practices you could be aiding and abetting cyber criminals in attacking your colleagues, friends, customers or even family. Let s make life harder for cyber criminals.

6

7 Business Behaving Badly We re urging businesses to take control of their online behaviours. In the offline world, successful small companies have always competed on their reputation renowned for their service quality, product knowledge, responsiveness and human touch. It s what gives customers a sense of security that they are safely dealing with a professional company. But what about online? As we have seen, around half of small business leaders are failing to protect themselves and their customers from cyber crime. But additionally, our research shows that a large proportion of these firms have no online presence at all. And of those that have websites, it is only those with sites that are well designed and up-to-date that are attracting customers. Many small businesses appear to adopt conflicting behaviours in the digital and real worlds in short, they re not living up to their offline reputations online. This is damaging these firms standing in both worlds and costing them valuable business. But those companies able to reconcile their online and offline behaviours are enjoying a major competitive advantage, attracting new customers and retaining existing business. There is a strong opportunity for more firms to follow the example set by the leaders of these businesses.

8 The Opportunity The online reputation opportunity lies in three stages, according to our research: 1. Get online Just being online gives businesses a fighting chance of forging a positive reputation in the digital world. This might sound obvious, and indeed the vast majority (87 per cent) of SMEs tell us the business rewards of using the internet outweigh the risks, yet more than a quarter (27 per cent) don t have a website. The majority of both consumers (82 per cent) and industrial buyers at large companies (x per cent) tell us they expect all businesses, no matter what size, to have a website these days, and that they tend to chose companies that have a website over those that do not (65 per cent of consumers, x per cent of procurement managers). When asked why, consumers say they want to be able to visit a website for information about the business to inform their purchase decision (as cited by 75 per cent). Meanwhile, x per cent of business buyers visit company websites as part of their due diligence process when selecting new suppliers. The online reputation opportunity lies in three stages, according to our research: 2. Look sharp 1. Get online Looks don t count for everything, but in the digital Just world, being SMEs online are gives losing businesses valuable a fighting custom with chance outdated a or positive cheap reputation looking websites. in the digital world. This of forging might sound obvious, and indeed the vast majority (87 per Consumers cent) of small say firms that a tell well-designed, us the business informative rewards of using site the gives internet them outweigh a sense of the security risks, yet about more the than a quarter business (27 per reliability cent) don t (x per have cent), a website. but that a poorly designed or cheap looking site damages their trust The in majority the company of both (x consumers per cent). The (82 majority per cent) (x and per industrial cent) of buyers business at large buyers companies say likewise. (85 per cent) tell us they expect all businesses, no matter what size, Yet to consumers have a website often these encounter days, and SMEs that with they tend to choose badly designed companies websites, that have putting a website them over off doing those that business do not (65 with per the cent company of consumers, (x per cent), 62 per and cent feel of procurement that most SMEs managers). sites don t do justice to the quality of the companies behind them (x per cent). When asked why, consumers say they want to be able to visit a website for information about the business to inform their purchase decision (as cited by 75 per Ensure your online presence reflects the quality of your real life offering to propel your business forward in both worlds. cent). Meanwhile, 91 per cent of business buyers visit company websites as part of their due diligence process when selecting new suppliers. Don t be afraid of engaging with the Internet. Get active online to avoid missing out on valuable new business opportunities. Get active online to avoid missing out on valuable new business opportunities.

9 2. Look sharp Looks don t count for everything, but in the digital world, small companies are losing valuable custom by not having easy to use, approachable websites. Consumers say that a well-designed, informative site gives them a sense of security about the business reliability (88 per cent), but that a poorly designed site damages their trust in the company (89 per cent). The majority (91 per cent) of business buyers say likewise. Yet many consumers often encounter small firms with badly designed websites, putting them off doing business with the company (53 per cent), and feel that most small firms sites don t do justice to the quality of the companies behind them (67 per cent). At the same time, it is now easier and cheaper than ever before for companies of this size to obtain a quality website. Many businesses are creating sites themselves using simple self-build packages, which can be very effective when kept clean, informative and easily navigable for customers. The online reputation opportunity lies in three stages, according to our research: 1. Get online Consumers say that a well-designed, informative Just being online gives businesses a fighting chance of site gives them a sense of security about the 3. forging Get a Cyber positive reputation Streetwise in the digital world. This business reliability (x per cent), but that a poorly might sound obvious, and indeed the vast majority designed or cheap looking site damages their trust The (87 most per surprising cent) of SMEs finding tell to us emerge the business from our rewards research of is the importance in the company that both (x per cent). The majority (x per consumer using the and internet business outweigh customers the place risks, on yet cyber more security than a when cent) choosing of business smaller buyers say likewise. suppliers. quarter (27 per cent) don t have a website. Yet consumers often encounter SMEs with A sizeable The majority proportion of both (59 consumers per cent) of (82 consumers per cent) and say they avoid badly shopping designed online websites, putting them off doing with industrial SMEs because buyers of at large fears companies over cyber (x security. per cent) Consumers tell would, business however, with the company (x per cent), and feel buy us more they online expect from all businesses, SMEs if these no matter businesses what were size, to better at showing that most how SMEs well sites don t do justice to the protected have a they website are these from cyber days, and crime that (82 they per tend cent). to chose quality of the companies behind them (x per cent). companies that have a website over those that do not More (65 than per cent three of quarters consumers, (77 per x per cent) cent of of procurement managers at big businesses, meanwhile, managers). require smaller suppliers to prove their cyber security credentials before selecting them. When asked why, consumers say they want to be able Ensure your online presence When to visit thinking a website about for online information crime, small about business the business leaders are more reflects fearful of the quality of your financial to inform losses their associated purchase with decision individual (as cited crimes by 75 than the long-term reputational per cent). Meanwhile, x per cent of business buyers real life offering to propel damage to their companies 3. But the overwhelming majority of consumers (92 per cent) visit and company business websites buyers (95 as part per cent) of their warn due that diligence they would avoid your a small business firm forward in both they process knew had when failed selecting to protect new suppliers. itself from cyber crime. Cyber crime can irreparably worlds. damage a company s reputation, limiting growth potential in the longer term. Don t be afraid of engaging with the Internet. Get active online to avoid your missing company. out on valuable new business opportunities. 2. Look sharp Ensure your online presence reflects the quality of Looks your don t count for everything, but in the digital real life offering to propel your business forward world, in both SMEs are losing valuable custom with outdated or cheap looking websites. worlds. Build and protect your reputation for safety and security online to drive new growth and retain existing business for per cent of SME leaders fear the financial loss to the business from a theft of money or bank details when going online, compared to 70 per cent who fear suffering reputational damage and 61 per cent who fear losing customers as a result of an online security issue

10 Prioritising Cyber Security Whether it s a start-up business employing a handful of people to serve a local market, or an established exporter with a 50-strong workforce, running a small business is an all-consuming job. So it s understandable that a majority (58 per cent) of leaders of these firms want to make online security a bigger priority, but say other things always seem more urgent. Leaders of small businesses are also reluctant to seek expert help with online security, and are almost as likely to consult friends and family as they are to pay for professional IT support 4. Improving cyber security is actually cheap, quick and easy for small companies, but business leaders must make it a priority and seek the advice and support they need to take control of their online lives. Which is why the government has created a unique website offering a range of interactive resources for small business leaders and staff to gain the essential advice needed to make their businesses safe online. But to get started, we have identified five simple steps every business should take today to immediately improve their online lives 4 Only 16 per cent of SMEs consult external IT professionals on internet security, while 9 per cent turn to friends or family members to handle cyber security in their organisation

11 Take control of your company online today by: 1. Installing and always updating antivirus and firewall software to protect your business and customer information 2. Using complex passwords for IT systems, computers and devices 3. Ensuring you and your staff never download something if its origin is unknown 4. Ensuring staff delete suspicious s before opening 5. Reviewing what important information your business holds and whether it is adequately protected To join the conversation online and use #becyberstreetwise

12 The GREAT Britain campaign is a partnership between private enterprise and Government to highlight support for businesses aspiring to succeed and to encourage entrepreneurial spirit. Visit to find links to support, advice, inspiration and guidance that will help take your business to the next level.

Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

For more advice contact: IT Service Centre T: (01332) 59 1234 E: ITServiceCentre@derby.ac.uk Online: http://itservicecentre.derby.ac.uk Version: February 2014 www.derby.ac.uk/its IT Security DO s and DON

Digital Consumer s Online Trends and Risks Modern consumers live a full-scale digital life. Their virtual assets like personal photos and videos, work documents, passwords to access social networking and

- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

Security & SMEs An Introduction by Jan Gessin Introduction to the problem SMEs convinced it will never happen to them. In many ways SMEs are more of a target than big business. Harsh realities of the online

You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect

cybersecurity.thalesgroup.com.au People, with their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the

VULNERABILITY ASSESSMENT FEELING VULNERABLE? YOU SHOULD BE. CONTENTS Feeling Vulnerable? You should be 3-4 Summary of Research 5 Did you remember to lock the door? 6 Filling the information vacuum 7 Quantifying

Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

Protect yourself online Connect Smart for Business SME TOOLKIT WELCOME To the Connect Smart for Business: SME Toolkit The innovation of small and medium sized enterprises (SMEs) is a major factor in New

STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department

Is your business secure in a hosted world? Threats to the security of business data are constantly growing and evolving - What can you do ensure your data remains secure? Introduction The safe use of computer

www.thalescyberassurance.com In this white paper Humans, their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions,

Building a career in specification sales A guide to specification sales What is specification selling? Who is the specifier? What stages does the specification decision process go through? What are the

Sound Business Practices for Businesses to Mitigate Corporate Account Takeover This white paper provides sound business practices for companies to implement to safeguard against Corporate Account Takeover.

e-commerce: A Guide for Small and Medium Enterprises HOW MID-SIZED COMPANIES CAN MAXIMISE THEIR ONLINE OPPORTUNITIES 1 The Online Opportunity Given the UK Government s recently announced plans to get 12.5

NATIONAL CYBER SECURITY AWARENESS MONTH Tip 1: Security is everyone s responsibility. Develop an awareness framework that challenges, educates and empowers your customers and employees to be part of the

Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

STOP.THINK.CONNECT NATIONAL CYBERSECURITY AWARENESS CAMPAIGN SMALL BUSINESS PRESENTATION ABOUT STOP.THINK.CONNECT. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department

Global IT Security Risks June 17, 2011 Kaspersky Lab leverages the leading expertise in IT security risks, malware and vulnerabilities to protect its customers in the best possible way. To ensure the most

a b The way we do business. Our Code of Conduct and Ethics. Our Code of Conduct and Ethics In this Code, the Board of Directors and the Group Executive Board set out the principles and practices that define

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

RESEARCH PAPER The small business Cloud: escape the perfect storm If the future is cloud, how does the relationship between small companies and their service suppliers need to change? May 2014 Sponsored

National Cybersecurity Awareness Campaign About Stop.Think.Connect. In 2009, President Obama issued the Cyberspace Policy Review, which tasked the Department of Homeland Security with creating an ongoing

DENIAL OF SERVICE: HOW BUSINESSES EVALUATE THE IT SECURITY RISKS SPECIAL REPORT SERIES Kaspersky Lab 2 Corporate IT Security Risks Survey details: More than 5500 companies in 26 countries around the world

The 7 Most Cricitcal I.T. Security Protections Every Business Must Have in Place Now to Protect Themselves from Cybercrime, Data Breaches, and Hacker Attacks Cybercrime is at an all-time high, and hackers

STOP. THINK. CONNECT. Online Safety Quiz Round 1: Safety and Security Kristina is on Facebook and receives a friend request from a boy she doesn t know. What should she do? A. Accept the friend request.

Gain the cloud advantage Cloud computing explained Decide if the cloud is right for you See how to get started in the cloud What is cloud computing? Many businesses are moving their IT to the cloud. But

Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

INFOCOMM SEC RITY is INCOMPLETE WITHOUT Be aware, responsible secure! U HACKER Smack that What you can do with these five online security measures... ANTI-VIRUS SCAMS UPDATE FIREWALL PASSWORD FASTEN UP!

Strategic Guide Instant Messaging and Security Businesses recognise that instant messaging can help to improve employee productivity, but are often reluctant to sanction its use due to concerns about security.

10 SMART MONEY FACTS YOU NEED TO KNOW ABOUT BUSINESS SECURITY In the age of connected business work follows your workforce. You now have to keep track of your company assets and employees around the clock.

Social Media Status Update Messages October 2012 is National Cyber Security Awareness Month. Join the social media community and raise awareness about online safety and security. Use the following messages

Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

State of the Web 2015: Vulnerability Report March 2015 Motivation In February 2015, security researchers http://www.isightpartners.com/2015/02/codoso/ reported that Forbes.com had been hacked. The duration

Customer Education Series 5 Simple Ways To Avoid Getting An Avalanche of Spam A Business Owners Guide To Eliminating The 10-15 Most Unproductive Minutes Of Each Employee s Day 5 Easy Ways to Avoid Getting

(0 West Virginia Executive Branch Privacy Tip October Is National Cyber Security Awareness Month! In recognition of National Cyber Security Month, we are supplying tips to keep you safe in your work life

SURVEY REPORT: cyber security Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions Confidence in a connected world. Executive summary An online survey revealed that while U.S.

The Future of Network Security Sophos 2012 Network Security Survey Sophos and Vanson Bourne surveyed 571 IT decision makers globally to gain a deeper understanding of how IT teams are responding to technology

Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

Survey: Small Business Security A look at small business security perceptions and habits at each phase of business growth. www.csid.com SUMMARY Many small to medium-sized businesses (SMBs) are not taking

CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

The Role of Professional Email Services for Small to Medium Enterprises (SMEs) May 2013 The Role of Professional Email Services for Small to Medium Enterprises. Executive Summary The means by which small

A Guide to Carrying Out a SWOT Analysis Introduction Resource 1.4 A SWOT (strengths, weaknesses, opportunities and threats) analysis is often done as part of the process of developing a business plan or

Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will

WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in

Reliance Bank Fraud Prevention Best Practices May 2013 User ID and Password Guidelines Create a strong password with at least 8 characters that includes a combination of mixed case letters and numbers.

What you can do prevent virus infections on your computer A computer virus is program code which 'hides' in other files and can cause irreparable damage to your computer. Computer viruses spread easily

INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is

Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing

Panda Security Affiliate Program USA Alexander Moheit Panda Security Affiliate Management Team USA Email: alexander.moheit@asknet.com Welcome! The Panda Security affiliate program is one of the most profitable

High Speed Internet - User Guide Welcome to your world. 1 Welcome to your world :) Thank you for choosing Cogeco High Speed Internet. Welcome to your new High Speed Internet service. When it comes to a

Keeping out of harm s way in cyberspace Martin Smith MBE FSyI Chairman and Founder The Security Company (International) Limited The Security Awareness Special Interest Group What is Cybercrime? Criminal

400,000000 Almost 400 million people 1 fall victim to cybercrime every year. A common way for criminals to attack people is via websites, unfortunately this includes legitimate sites that have been hacked

Security Case Study Retailers choose Point for increased security Experience from Europe s most mature market Meet the company with 800 security staff Security is what Point is all about With its clear

1 TMCEC CYBER SECURITY TRAINING Agenda What is cyber-security? Why is cyber-security important? The essential role you play. Overview cyber security threats. Best practices in dealing with those threats.

Commissioned Study SURVEY: Mobile Threats are Real and Costly Introduction A lack of integrated mobile security is costing companies in terms of everything from lost productivity to lost data. Cyber criminals

CSIS Security Research and Intelligence Research paper: Threats when using Online Social Networks Date: 16/05-2007 Written by Dennis Rand rand@csis.dk http://www.csis.dk Table of contents Table of contents...